浏览 15+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4817 | MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2026-04-17 01:24:37 | Deep Dive |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.4 | 2026-02-14 06:42:32 | Deep Dive |
| CVE-2025-13766 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.6 Missing Authorization to Authenticated (Subscriber+) Posts and Media Creation, Modification and Deletion | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 5.4 | 2026-01-06 08:21:48 | Deep Dive |
| CVE-2024-5973 | MasterStudy LMS < 3.3.24 - Privilege Escalation to Instructor | Unknown | MasterStudy LMS WordPress Plugin | - | - | 2024-07-22 06:00:06 | Deep Dive |
| CVE-2024-3942 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.3.8 - Missing Authorization | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.3 | 2024-05-02 16:52:11 | Deep Dive |
| CVE-2024-3136 | MasterStudy LMS <= 3.3.3 - Unauthenticated Local File Inclusion via template | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-04-09 18:59:08 | Deep Dive |
| CVE-2024-1904 | MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 4.3 | 2024-04-09 18:58:37 | Deep Dive |
| CVE-2024-2409 | MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-03-29 08:31:30 | Deep Dive |
| CVE-2024-2411 | MasterStudy LMS <= 3.3.0 - Unauthenticated Local File Inclusion via modal | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-03-29 08:31:30 | Deep Dive |
| CVE-2024-2106 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.10 - Basic Information Exposure via REST route | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 5.3 | 2024-03-13 15:26:40 | Deep Dive |
| CVE-2024-1512 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.2.5 - Unauthenticated SQL Injection | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Critical | 9.8 | 2024-02-17 07:36:57 | Deep Dive |
| CVE-2023-4278 | MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation | Unknown | MasterStudy LMS WordPress Plugin | 高危 | - | 2023-09-11 19:46:09 | Deep Dive |
| CVE-2023-35093 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Broken Access Control | StylemixThemes | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2023-06-22 11:07:21 | Deep Dive |
| CVE-2023-35090 | WordPress MasterStudy LMS Plugin <= 3.0.8 is vulnerable to Cross Site Scripting (XSS) | StylemixThemes | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2023-06-22 10:33:17 | Deep Dive |
| CVE-2022-0441 | MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation | Unknown | MasterStudy LMS – WordPress LMS Plugin | 超危 | - | 2022-03-07 08:16:43 | Deep Dive |